1

SDN and the Hidden Nature of Complexity

(a whirlwind tour through the nature of complex networks)

David MeyerCTO and Chief Scientist, Brocade

Director, Advanced Technology Center, University of OregonMPLS/SDN 2013Washington, DC

dmm@{brocade.com,uoregon.edu,1-4-5.net,…}http://www.1-4-5.net/~dmm/talks/mpls_sdn_2013.pdf

2

Agenda

• Goals/Premise/Thesis

• Macro Trends?

• Robustness, Fragility, and Complexity– And what does this have to do with SDN?

• Universal Architectural Principles

• A Few Conclusions and Q&A if we have time

3

Goal of this Talk

To open up our thinking about what the essential architectural features of our network are, how these features combine to provide robustness (and its dual, fragility), and how the universal architectural features we find in both technological and biological networks effect Internet robustness.

4

PremiseBiological and advanced technological systems are robust and evolvable even in the face of large changes in environment and system components, yet can simultaneously be extremely fragile to small perturbations.

This Robust Yet Fragile (RYF) complexity is found wherever we look. Remarkably, a key feature of such RYF-complex systems is that it is the same universal architectural features that makes these systems robust and evolvable also creates severe, even catastrophic fragilities to tail events.

5

Thesis

Advanced technological networks and biology exhibit striking similarity (convergence1) at “higher” levels of organization.

As such there is a lot we as network engineers can learn from the study of networking in other domains. This is particularly true when thinking about how protocols are deployed and why some are hard to change.

So what are Robustness, Fragility, and Complexity, and how can they inform design and operation of our networks?

1 Why should this be?

6

What is Complexity?

“In our view, however, complexity is most succinctly discussed in terms of functionality and its robustness. Specifically, we argue that complexity in highly organized systems arises primarily from design strategies intended to create robustness to uncertainty in their environments and component parts.”

See Alderson, D. and J. Doyle, “Contrasting Views of Complexity and Their Implications For Network-Centric Infrastructures”, IEEE TRANSACTIONS ON SYSTEMS, MAN, AND CYBERNETICS—PART A: SYSTEMS AND HUMANS, VOL. 40, NO. 4, JULY 2010

7

Robustness vs. Complexity

Increasing number of policies, protocols, configurations and interactions (well, and code)

Domain of the Fragile

Domain of the Robust

A syste

m needs complexity

to achieve ro

bustness

Biology and technology

Another way to look at the CR Boundary

Robustness

Complexity

Biology and technology

Physics

simple hard

robust

fragile

Bummer

Original slide courtesy John Doyle

9

So what are Robustness and Fragility?

• Definition: A [property] of a [system] is robust if it is [invariant] with respect to a [set of perturbations], up to some limit– Robustness is the preservation of a certain property in the presence of uncertainty in components or the

environment

• Fragility is the opposite of robustness– If you're fragile you depend on 2nd order effects (acceleration) and the “harm” curve is concave– A little more on this later…

• A system can have a property that is robust to one set of perturbations and yet fragile for a different property and/or perturbation the system is Robust Yet Fragile– Or the system may collapse if it experiences perturbations above a certain threshold (K-fragile)

• For example, a possible RYF tradeoff is that a system with high efficiency (i.e., using minimal system resources) might be unreliable (i.e., fragile to component failure) or hard to evolve– Another example: VRRP provides robustness to failure of a router/interface, but introduces fragilities in

the protocol/implementation– Complexity/Robustness Spirals

See Alderson, D. and J. Doyle, “Contrasting Views of Complexity and Their Implications For Network-Centric Infrastructures”, IEEE TRANSACTIONS ON SYSTEMS, MAN, AND CYBERNETICS—PART A: SYSTEMS AND HUMANS, VOL. 40, NO. 4, JULY 2010

10

Robust Yet FragileRYF Examples

Efficient, flexible metabolism Complex development and Immune systems Regeneration & renewal Complex societies Advanced technologies

Obesity and diabetes Rich microbe ecosystem Inflammation, Auto-Im. Cancer Epidemics, war, … Catastrophic failures

• “Evolved” mechanisms for robustness allow for, even facilitate, novel, severe fragilities elsewhere

• Often involving hijacking/exploiting the same mechanism– We’ve certainly seen this in the Internet space (consider DDOS of various varieties)

• These are hard constraints (i.e., RYF behavior is conserved)

11

System features cast as Robustness

• Scalability is robustness to changes to the size and complexity of a system as a whole

• Evolvability is robustness of lineages to changes on various (usually long) time scales

• Other system features cast as robustness– Reliability is robustness to component failures– Efficiency is robustness to resource scarcity– Modularity is robustness to component rearrangements

• BTW, what are the features we’re seeking from SDN/NFV/Cloud?

12

Brief Aside: Fragility and Scaling (geeking out for a sec…)

• A bit of a formal description of fragility– Let z be some stress level, p some property, and – Let H(p,z) be the (negative valued) harm function– Then for the fragile the following must hold

• H(p,nz) < nH(p,z) for 0 < nz < K

• For example, a coffee cup on a table suffers non-linearly more from large deviations (H(p, nz)) than from the cumulative effect of smaller events (nH(p,z)) – So the cup is damaged far more by tail events than those within a few σ of the mean– Too theoretical? Perhaps, but consider: ARP storms, micro-loops, congestion collapse, AS 7007, …– BTW, nature requires this property

• Consider: jumping off something 1 foot high 30 times vs. jumping off something 30 feet high once

• When we say something scales like O(n2), what we mean is the damage to the network has constant acceleration (2) for weird enough n (e.g., outside say, 5 σ)– Again, ARP storms, congestion collapse, AS 7007, DDOS, … non-linear damage

Idea courtesy Nassim Taleb, see http://www.fooledbyrandomness.com/

13

So….

• Turns out that managing/understanding RYF behavior is the most essential challenge in technology, society, politics, ecosystems, medicine, etc. This means…– Managing spiraling complexity/fragility– Not predicting what is likely or typical – But rather understanding what is catastrophic (though perhaps rare)– understanding the hidden nature of complexity

• BTW, it is much easier to create the robust features than it is to prevent the fragilities– In addition, there are poorly understood “conservation laws” at work

• Thesis redux: Our technology (Internet) has reached a stage of ubiquity and complexity such that we face these same challenges – And what is the effect of s/w oriented technologies s/a SDN/NFV/Cloud?– Increasing feedback, variability, spiraling complexity Classic RYF

• and the nature of software itself (and how we build it)

Components and materials

Systems requirements: functional, efficient,robust, evolvable,

scalable

System and architecture

Perturbations

Perturbations

Robust yet fragile

fan-in of diverse

inputs

fan-out of diverse

outputs

Diversefunction

Diversecomponents

UniversalControl

Universal Architectural Principles

• Hourglasses for layering of control• Bowties for flows within layers

BowtieH

ourg

lass

Slide courtesy John Doyle

Universal Carriers

16

Ok, Key Architectural Takeaways?

• What we have learned is that there are universal architectural building blocks found in systems that scale and are evolvable. These include

– RYF complexity

– Bowtie/Hourglass architectures

– Protocol Based Architectures

– Massively distributed with robust control loops• Contrast optimal control loops and hop-by-hop control

– Highly layered• But with layer violations, e.g., Internet, overlay virtualization

– Degeneracy

17

Bowties 101 Constraints that Deconstrain

Schematic of a “Layer”

For example, the reactions and metabolites of coremetabolism, e.g., ATP metabolism, Krebs/Citric AcidCycle, … form a “metabolic knot”. That is, ATP is a Universal Carrier for cellular energy.

See Kirschner M., and Gerhart J., “Evolvability”, Proc Natl Acad Sci USA , 95:8420–8427, 1998.

1. Processes L-1 information and/or raw material flows into a “standardized” format (the L+1 abstraction)2. Provides plug-and-play modularity for the layer above3. Provides robustness but at the same time fragile to attacks against/using the standardized interface

18

But Wait a SecondAnything Look Familiar?

The Protocol Hourglass idea appears to have originated with Steve Deering. See Deering, S., “Watching the Waist of the Protocol Hourglass”, IETF 51, 2001, http://www.iab.org/wp-content/IAB-uploads/2011/03/hourglass-london-ietf.pdf. See also Akhshabi, S. and C. Dovrolis, “The Evolution of Layered Protocol Stacks Leads to an Hourglass-Shaped Architecture”, http://conferences.sigcomm.org/sigcomm/2011/papers/sigcomm/p206.pdf.

Bowtie Architecture Hourglass Architecture

Layering of Control

The Nested Bowtie/Hourglass Architecture of the Internet

19

Flows within Layers

IP PacketsConnectionsDatagramsPorts

TCP/UDP

ConnectionsDatagramsPorts

RESTHTTP(S)

REST

Layering of Control/Abstractions

HTTP BowtieInput: Ports, Datagrams, ConnectionsOutput (abstraction): RESTTCP/UDP Bowtie Input: IP PacketsOutput (abstraction): Ports, Datagrams, Connections

20

NDN Hourglass

See Named Data Networking, http://named-data.net/

In Practice Things are More ComplicatedThe Nested Bowtie/Hourglass Architecture of Metabolism

See Csete, M. and J. Doyle, “Bow ties, metabolism and disease”, TRENDS in Biotechnology, Vol. 22 No. 9, Sept 2004

• Each layer is abstracted as an optimization problem• Operation of a layer is a distributed solution• Results of one problem (layer) are parameters of others• Timescale separation (operate at different timescales)

Xx

pcRx

xUi

iix

)( tosubj

)( max0

BTW, we can look at layering as optimization decomposition

application

transport

network

link

physical

Application: utility

IP: routing Link: scheduling

Phy: power

So…Biology vs. the Internet

Similarities• Evolvable architecture• Robust yet fragile• Layering, modularity• Hourglass with bowties • Dynamics• Feedback• Distributed/decentralized• Not scale-free, edge-of-

chaos, self-organized criticality, etc

Differences• Metabolism• Materials and energy • Autocatalytic

feedback• Feedback complexity• Development and

regeneration• > 3B years of

evolutionAn Autocatalytic Reaction is one in whichat least one of the reactants is also a product.The rate equations for autocatalytic reactionsare fundamentally non-linear.

24

Summary/Conclusions

• Robust systems “might be” intrinsically hard to understand– RYF complexity is an inherent property of complex technology– Software (e.g., SDN, NFV, Cloud, …) exacerbates the situation– And the Internet has reached an unprecedented level of complexity…

• Nonetheless, many of our goals for the Internet architecture revolve around how to achieve robustness…– which requires a deep understanding of the necessary interplay between complexity

and robustness, modularity, feedback, and fragility• which is neither accidental nor superficial

– Rather, architecture arises from “designs” to cope with uncertainty in environment and components

• Understanding these universal architectural features will help us achieve the scalability and evolvability (operability, understandability) we’re seeking from the Internet architecture today– Multi-disciplinary approaches (e.g., Systems Biology) provide a template of how we

might go about this.

25

Q&A

Thanks!